Assessments

According to NIST, risk assessments are a key part of effective risk management and facilitate decision-making at all three tiers of the risk management hierarchy: the organization level, the mission/business process level, and the information system level. Because...

Backups

US-CERT states that all computer users, from home users to professional information security officers, should back up the critical data they have on their desktops, laptops, servers, and even mobile devices to protect it from loss or corruption. Saving just one backup...

Removable Storage

Removable media is any form of computer storage or data transfer device that is designed to be inserted and removed from a system. This section provides resources for secure removable storage practices. Implementation Assessment AT&T Cybersecurity – Data...

Encryption

Data encryption is the process of translating data into a code (ciphertext) so that only people with access to a secret key can read it. Encrypting data is one of the most popular and effective security methods used by an organization. Implementation Assessment Boston...

Workforce Security

Implementing personnel security policies and procedures can help to mitigate the risk of individuals using their legitimate access to an asset for unauthorized purposes. Implementation Assessment Department of Agriculture – Personnel Security for Information...

Application Software Security

Application security consists of the steps taken to improve the security of an application by identifying, repairing, and preventing security vulnerabilities. To help with eliminating vulnerabilities in web and other application software, organizations should...